Clif Notes Freeware and Website Reviews

Security: The EZ-Emoticons Challenge - make a program run without spyware installing

A recent online acquaintance challenged me to help him use a spyware program that he likes. I would not recommend or condone the use of "hacked" software, so I'm hoping there may be an easy fix that does not involve any changes to the EZ-Emoticons code and doesn't violate the EULA. You know what this means, don't you? I'm going to intentionally infect my PC with spyware (Yikes!). I've done this before, both on purpose and by accident, so I'm fairly confident I can handle it. Some of the tools I'll be using are listed here: MSN Messenger, Total Uninstall, HiJackThis, NetMon and others I'll mention as we go along.


I installed MSN Messenger and used NetMon to find the IP addresses it uses when it connects to the internet. Next I fired up Total Uninstall (TUN) and installed EZ-Emoticons. I read the EULA for the software and it states clearly you have to install 180Search Assistant to use EZ-Emoticons, but that it can be uninstalled. So if you don't want it, follow these uninstall instructions. But that's not the only thing I found.

While it was installing, I noticed it triggered StartupMonitor three times asking for executables to start in the autorun areas of my PC. I allowed them to add the startup entries because I knew I could remove everything with TUN. After the install of EZ-Emoticons, I watched the internet IPs that it was using to contact its servers out on the web and noted the addresses. I'm guessing that if a person can block these addresses, the spyware cannot function properly if it can't download more stuff to add to your problems. To block the addresses, a person should only have to add them to the Windows HOSTS file and point them at the local machine. Here are the lines that should be added to the HOSTS file.

127.0.0.1       209.164.32.205.ptr.us.xo.net
127.0.0.1       web104.discountasp.net

There's no guarantee that this will keep the spyware in check but it's worth a try.
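
An added example, not part of the original review: a small Python audit of the HOSTS approach described above. It reports which observed destinations the two entries actually redirect; the HOSTS file only answers name lookups, so a connection made to an IP literal or to a name without an entry is unaffected. The sample file contents, the `OBSERVED` list and the function names are constructed for illustration.

```python
import ipaddress

# The two entries from the review inside a constructed sample HOSTS file.
HOSTS_TEXT = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       209.164.32.205.ptr.us.xo.net
127.0.0.1       web104.discountasp.net   # trailing comment
"""
# Constructed list of destinations, as a connection monitor might report them.
OBSERVED = ["web104.discountasp.net", "209.164.32.205.PTR.us.xo.net.",
            "209.164.32.205", "other-host.example.invalid"]

def as_ip(text):
    """Return an ipaddress object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def parse_hosts(text):
    """Map each lower-cased name to the first address listed for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2 or as_ip(fields[0]) is None:
            continue                             # blank or malformed line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), as_ip(fields[0]))
    return table

def audit(targets, hosts_text):
    """Say, per destination, whether the HOSTS entries would redirect it."""
    table = parse_hosts(hosts_text)
    report = {}
    for target in targets:
        key = target.lower().rstrip(".")
        addr = table.get(key)
        if as_ip(key) is not None:
            report[target] = "not covered: IP literal, no name lookup happens"
        elif addr is not None and (addr.is_loopback or addr.is_unspecified):
            report[target] = f"sinkholed to {addr}"
        else:
            report[target] = "not covered: no sinkhole entry for this name"
    return report

if __name__ == "__main__":
    for target, verdict in audit(OBSERVED, HOSTS_TEXT).items():
        print(f"{target:32} {verdict}")
```

Destinations reported as "not covered" need a control that works on addresses rather than names, such as a firewall rule.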

I've got a couple more ideas to try out and I'll let you know what happens later. In the meantime, if you are using EZ-Emoticons, I'd recommend you uninstall it and do the following things before reinstalling it. Update your AntiSpyware and AntiVirus programs, boot into safe mode, then do complete system scans. After the scans and booting into normal mode, you can add the HOSTS file entries above and try re-installing EZ-Emoticons. Then uninstall 180Search Assistant if you want to.

Website - Quote from eripmav

hi Clif,

actually i may have a little problem that you may like to try solving (i'm sure you thrive on challenges =) )

i have this add-on for MSN that allows you to bring up a side menu with all your emoticons for easy browsing and usage ... problem is, it comes with spyware. I used Spybot and SpySweeper to get rid of them, but they come back after a while.

the name of program is EZ-Emoticons
http://www.sherv.net/EZ-Emoticons.html

some of the spyware that gets installed include 180solutions\ncase\msbb and two others that get installed in WINDOWS which are xspub.exe and bkr.exe .... i think these stem from a file called 441725257.edat that gets installed at Program Files ... deleting this causes the program not to work ..

maybe you can have a play and see if there's a way to work around this =)

thanks for your time Clif, and no hurries, i'm sure you must be a real busy person =)

have a good one!
